The target: Over 17,000 websites using Amazon’s S3 public cloud storage.
The take: Credit card payment information and personal data.
The attack vector: MageCart Group ran a hacking campaign that methodically scanned for and identified 17,000 unique, misconfigured cloud storage buckets. After locating an unsecured cloud storage server, they focused on JavaScript files, which they downloaded, modified by adding their card-skimming script, and then re-uploaded in infected form.
Reuters: National Australia Bank Ltd (NAB.AX) said 13,000 customers are being contacted after a data breach where personal data was uploaded without permission to two data service companies.
CNN: If you're among the 147 million Americans whose credit data was compromised in the 2017 Equifax data breach, read on. You may be eligible for compensation.
CBC: The fine is the largest the Federal Trade Commission has levied on a tech company, though it won't make much of a dent for a company that had nearly $56 billion US in revenue last year.
CNN: The National Security Agency announced Tuesday it is creating a new Cybersecurity Directorate, which will "unify NSA's foreign intelligence and cyberdefense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base."
The Straits Times: The entire public service will have to conform to a common framework to safeguard citizens' personal data, beginning with 13 new measures developed after a spate of breaches in the past year.
Venture Beat: CEO Harold Brewer says the DefenseStorm team will work with the VC firm’s Georgian Impact team to accelerate adoption of applied AI and will tap its expertise to further develop DefenseStorm’s solutions suite and build out its sales and engineering team.
ZDNet: Cyberattacks and data breaches have cost UK mid-market companies over £30 billion, yet organisations remain complacent about their cybersecurity capabilities – putting them at greater risk from hackers and cybercrime.
The target: Bitpoint, a Tokyo-based cryptocurrency exchange.
The take: 28 million USD total. 24 million were customer assets and 4 million were company assets. All of Bitpoint’s services are now suspended for customers.
The attack vector: Unauthorized access to its hot (stored/accessible online) wallet system through the mismanagement and compromise of users’ private keys. No breach of cold (offline storage) wallets was detected.
Financial Times Adviser: Speaking at the FCA’s annual public meeting, July 17, Megan Butler said the number of incidents reported to the regulator had increased to 916 for the year 2018-19 from 229 the year before.
Cision: Advisor Group, one of the nation's largest networks of independent wealth management firms, comprising FSC Securities Corporation, Royal Alliance Associates, SagePoint Financial and Woodbury Financial, announced the introduction of the CyberGuard Program, an evolving toolkit of cybersecurity services and support platforms aimed at empowering its 7,000 advisors across the country to protect themselves and their clients from the ever-increasing threat of cyber-attacks.
Reuters: A 20-year-old Bulgarian cybersecurity worker has been arrested and charged with hacking the personal and financial records of millions of taxpayers, officials said on, as police continue to investigate the country’s biggest-ever data breach.
Retail Banker International: Banking cybersecurity and cyber-compliance services provider DefenseStorm has raised $15m in a Series A financing round.
The financing round was led by Georgian Partners. As a part of the deal, Georgian Partners managing partner Justin LaFayette will join the DefenseStorm board of directors.
Standard Digital: Banks and mobile money firms will from October be required to furnish the Central Bank of Kenya (CBK) with information on cyber-attacks on a real-time basis.
This latest measure follows a decision by the banking regulator to step up surveillance on cyber fraud.
Law.com: Peter Marta, most recently chief cybersecurity lawyer at JPMorgan Chase & Co., has joined the privacy and cybersecurity practice of Hogan Lovells in New York as a partner, where he plans to help clients handle regulatory issues and cyber threats.
BBC: The Federal Trade Commission (FTC) has been investigating allegations that political consultancy Cambridge Analytica improperly obtained the data of up to 87 million Facebook users.
The target: The American Land Title Association (ALTA)
The take: Usernames and passwords of insurance agents, abstracters and underwriters.
The attack vector: A threat actor claiming to be an ethical hacker said they had access to over 600 records. They also ran a phishing campaign asking members to open a PDF listing the membership directory to confirm their information.
Business Standard: An estimated two million cyber attacks in 2018 resulted in more than $45 billion in losses worldwide as local governments struggled to cope with ransomware and other malicious incidents, a study showed.
Reuters: Mozilla said in a statement it was rejecting the UAE’s bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users.
Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program.
Financial Review: The venture capital arm of National Australia Bank has led a $US10 million ($14 million) investment in Silicon Valley-based cyber security start-up Digital Shadows, a business which helps brands identify their exposure to cyber threats and better manage their digital assets.
Bloomberg: The cyber attack, which Marriott disclosed last year, exposed information on 339 million guest records, including 7 million related to British residents, the U.K. Information Commissioner’s Office said in a statement. It’s the second time in two days the regulator has taken advantage of far-reaching European Union powers after proposing a 183.4 million-pound penalty against British Airways.
CBC: The Office of the Privacy Commissioner of Canada and its Quebec equivalent said the probes will examine whether Desjardins was in compliance with federal and provincial laws around personal information protection.
Orange: With more than 660 employees, SecureLink reported revenues of 248 million euros in 2018. Today, the company serves more than 2,100 customers from a wide range of industries. SecureLink offers its customers specialist services in cybersecurity consulting, security maintenance and around-the-clock support from its “CyberSOCs” (Cyber Security Operations Centers), as well as advanced incident detection and response capabilities.
Mondaq: The Canadian government’s Canadian Centre for Cyber Security (“CCCS”) has released Baseline cybersecurity controls for small and medium organizations in an effort to help small and medium-sized businesses improve their cybersecurity practices and their overall resiliency to cybersecurity threats.
The target: The Georgia Institute of Technology, a public university headquartered in Atlanta
The take: The personal information of 1.3 million employees and students, including names, addresses, social security numbers and dates of birth.
The attack vector: Security failures in a web application allowed attackers to access the connected database and exfiltrate the contained data.
Investment Executive: Fake, unregistered investment schemes and other sorts of scams being touted on social media are the focus of a new investor warning from U.S. derivatives regulators.
The U.S. Commodity Futures Trading Commission (CFTC) issued an advisory warning investors about scammers utilizing social media platforms to lure victims.
Business Wire: This cooperation strengthens the existing relationship between the two organizations, ensuring information and technology sharing can support INTERPOL in cybercrime-related investigations. Within the new agreement, Kaspersky will share information about its cyberthreat research and provide the necessary tools to assist with full digital forensics, aimed at strengthening efforts on the prevention of cyberattacks.
Insurance Business Magazine: It has allocated $8 million over the next four years to help implement its efforts - this is on top of $9.3 million increased funding for CERT NZ.
The Economic Times: India and Japan have decided to collaborate in the areas of cybersecurity and outer space as part of their growing security partnership in the Indo-Pacific region, a development that comes in the backdrop of increasing violation of social media platforms by extremists and India’s successful Anti-Satellite Weapons (ASAT) test.
Computer Weekly: The goals and regulations set out in the legislation represent the end-product of several years of close consultation by the Swedish government with the IT industry and digital players. This collaboration focused on preparedness and drawing up legislation that would add an effective weapon to Sweden’s cyber threat defence arsenal.
S&P Global: One of the sources noted the algorithm of the system would look at a banking customer and compare its financial behavior with other similar customers and make a probability if there is anything suspicious. The talks are understood to be a "multiyear conversation," according to the sources.
ZDNet: Officials from Lake City, Florida, have fired an IT employee last week after the city was forced to approve a gigantic ransomware payment of nearly $500,000 last Monday.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.